Jonas Havelka
1 year ago
2 changed files with 0 additions and 57 deletions
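--- a/[path not shown on page]
+++ /dev/null
@@ -1,54 +0,0 @@
-from datetime import datetime, date
-
-from django.conf import settings
-from django.http import HttpResponse, HttpResponseRedirect
-
-
-
-class LoggedInHintCookieMiddleware(object):
-    """Middleware to securely help with 'logged-in' detection for dual HTTP/HTTPS sites.
-
-    On insecure requests: Checks for a (non-secure) cookie settings.LOGGED_IN_HINT_COOKIE_NAME
-    and if present, redirects to HTTPS (same adress).
-    Note this usually breaks non-GET (POST) requests.
-
-    On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect
-    whether an user is logged in in the current session (cookie set to 'True' or cleared).
-    The cookie is set to expire at the same time as the sessionid cookie.
-
-    By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'.
-    """
-
-    def __init__(self):
-        if hasattr(settings, 'LOGGED_IN_HINT_COOKIE_NAME'):
-            self.cookie_name = settings.LOGGED_IN_HINT_COOKIE_NAME
-        else: self.cookie_name = 'logged_in_hint'
-        self.cookie_value = 'True'
-
-    def cookie_correct(self, request):
-        return self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == self.cookie_value
-
-    def process_request(self, request):
-        if not request.is_secure():
-            if self.cookie_correct(request):
-                # redirect insecure (assuming http) requests with hint cookie to https
-                url = request.build_absolute_uri()
-                assert url[:5] == 'http:'
-                return HttpResponseRedirect('https:' + url[5:])
-        return None
-
-    def process_response(self, request, response):
-        if request.is_secure():
-            # assuming full session info (as the conn. is secure)
-            try:
-                user = request.user
-            except AttributeError: # no user - ajax or other special request
-                return response
-            if user.is_authenticated():
-                if not self.cookie_correct(request):
-                    expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
-                    response.set_cookie(self.cookie_name, value=self.cookie_value, expires=expiry, secure=False)
-            else:
-                if self.cookie_name in request.COOKIES:
-                    response.delete_cookie(self.cookie_name)
-        return response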